Sunday, September 5, 2010

Web Laundry (In)Security

Disclaimer: This article is for informational purposes only. The author shall not be liable for any misuse or misconduct resulting from the use of the information provided within.

My apartment building recently switched from coin-op laundry machines to a stored value system using smartcards. The way it works is they have a central dispensing machine that you can use to purchase a card as well as fill up existing cards using a credit card. Each washer/dryer then has a reader interface that will decrement the stored value after starting the machine.

Being the curious type I stuck the card into my smartcard reader to see what chip they were using. A quick Google search of the ATR revealed it was a member of the Atmel CryptoMemory family, AT88SC0404C. After pulling the datasheet from Atmel, I began exploring the security mechanisms they had in place.

Before I go any further I should explain that the remaining portion of this article doesn't describe an attack on the Atmel CryptoMemory parts in any way. If that is what you're after I recommend reading Tarnovsky's blog or an attack on the CryptoMemory algorithm here. With that out of the way, let's forge on.

After reading through the datasheet I found that this card had a configuration page and 4 user pages, each consisting of 128 bytes. I dumped the config using the following APDU.

After spending some time hand parsing the response I came up with this config.

By looking at the above we can pick out a few things. First of all, the 0x27 fill is probably a security measure, because we haven't authenticated in any way. Secondly, bit 4 of the DCR byte tells us that we only have 4 attempts to verify any of the eight passwords before we're locked out. Also, by looking at AR registers [0,3] we can see that none of the user pages require a password, but they do require authentication. Here is another interesting tidbit from the datasheet:

Seems simple enough: verify the write 7 password, program the configuration, then blow a one-time programmable fuse to prevent anyone from changing the data. So, let's read the fuse byte!

This is where things start to fall apart. According to the datasheet, a fuse byte of 0x27 means only the SEC bit is blown, which is done by Atmel during manufacturing to lock the lot code. With the proper write 7 password we can change the configuration (HINT: maybe removing the authentication enable bits from the AR bytes?).

Ok, now we just need to guess the write 7 password. The password is 24 bits... That gives us 16,777,216 attempts to brute force it. At 4 attempts per card that will take 4,194,304 cards, or 2,097,152 cards on average... There must be an easier way... My next idea was to sniff the traffic between the reader and card to get an idea of what kind of data is being passed back and forth, then, after wading through the paper above, implement the algorithm to crack the cipher itself. Then I found this little ditty in the datasheet:

Surely you would think the engineer(s) implementing this weren't negligent enough to leave the default password... you would be wrong.

Now that we can read/write the config page, all we have to do is set AR bits 4-7 to disable the password and authentication checks, and then we can dump the user pages. I found a few things by dumping the user pages. Page 0 contains some string constants and doesn't look to be related to the stored value in any way. Page 1 looks to have all the goodies. By dumping the card before and after use I can see the bytes that change. There appears to be a sequence of 36 bytes that differ between dumps starting at 0x5c. There is also a 1 byte counter that increments by 1 as the stored value is decremented. I've yet to decode how the stored value is encoded on the card so I'll leave that as an exercise for the reader.
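An added config-zone audit helper, written for this post in Python and not part of the author's C# tool, that decodes the fields discussed above: the DCR trial-count bit, the PM/AM nibble of each AR byte, and the FAB/CMA/PER fuse bits, and reports when a card is left in the open state described here. The offsets (DCR at 0x18, AR0-AR3 at 0x20/0x22/0x24/0x26), the bit positions and the sample dumps are assumptions from my reading of the datasheet, not values from the author's card.

```python
# Audit helper for an Atmel CryptoMemory (AT88SC0404C) config zone dump.
# Assumed layout (from my reading of the datasheet, not from the post):
#   DCR at 0x18, bit 4 (ETA): 1 = four password trials, 0 = eight
#   AR0..AR3 at 0x20/0x22/0x24/0x26; bits 7:6 = PM, bits 5:4 = AM,
#   where 0b11 means "not required"
#   fuse byte bits 0..2 = FAB/CMA/PER, a 0 bit meaning the fuse is blown
DCR_OFFSET = 0x18
AR_OFFSETS = (0x20, 0x22, 0x24, 0x26)   # one AR per user zone on a 0404C

def decode_dcr(dcr: int) -> dict:
    return {"trials": 4 if dcr & 0x10 else 8}

def decode_ar(ar: int) -> dict:
    pm = (ar >> 6) & 0b11            # password mode nibble half
    am = (ar >> 4) & 0b11            # authentication mode nibble half
    return {"password_required": pm != 0b11, "auth_required": am != 0b11}

def decode_fuse(fuse: int) -> dict:
    """True means the fuse is blown (bit reads 0)."""
    return {"FAB": not fuse & 0x01, "CMA": not fuse & 0x02, "PER": not fuse & 0x04}

def audit(config: bytes, fuse: int) -> list:
    """Return findings for the security-relevant fields of a config dump."""
    findings = []
    if not decode_fuse(fuse)["PER"]:
        findings.append("PER fuse intact: config zone (AR bytes, passwords, "
                        "even the ATR) is still writable with the write 7 password")
    if decode_dcr(config[DCR_OFFSET])["trials"] == 8:
        findings.append("DCR ETA clear: eight password trials allowed, not four")
    for zone, off in enumerate(AR_OFFSETS):
        ar = decode_ar(config[off])
        if not ar["password_required"] and not ar["auth_required"]:
            findings.append(f"AR{zone}: user zone {zone} needs neither "
                            "password nor authentication")
    return findings

def sample_config(ar_value: int) -> bytes:
    """Constructed dump: 0x27 filler, DCR 0xFF, the given AR in all zones."""
    cfg = bytearray(b"\x27" * 0x80)
    cfg[DCR_OFFSET] = 0xFF
    for off in AR_OFFSETS:
        cfg[off] = ar_value
    return bytes(cfg)

if __name__ == "__main__":
    # 0xD7: no password, authentication required (state described in the post)
    # 0xF7: AR bits 4-7 all set, i.e. both checks disabled
    for label, cfg, fuse in (("card as found", sample_config(0xD7), 0x27),
                             ("properly locked card", sample_config(0xD7), 0x20),
                             ("AR bits 4-7 set", sample_config(0xF7), 0x27)):
        print(label, "->", audit(cfg, fuse) or ["no findings"])
```

Run against a real dump, the audit flags exactly the two conditions this post turns on: an unblown PER fuse and AR bytes with the PM/AM nibble fully set.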

At this point an attacker could fill up the card and dump the contents. Then after using the card until there is no value left they could restore the dump rather than paying to refill the card. I don't want to promote fraud (or get sued) so I will not provide dumps of the user pages. Below is a proof of concept video to prove how easily it can be done.

I wrote the application below in C# to assist in working with the Atmel CryptoMemory line. Although I've only tested it on an AT88SC0404C, it should work with any chipset in the family. The software provides the ability to dump the config to the terminal, read the fuse byte, and back up and restore the entire card including the config and user pages. Be warned! Since the fuse byte is completely unlocked, all fields in the config page are writable. Even the ATR! On a few occasions I overwrote the ATR to all zeros accidentally (due to a bug in the application). This caused the cards to respond with all-zero ATRs, which broke ISO 7816-3 compliance, so they no longer work in my reader. It may be possible to recover them using the synchronous 2-wire serial interface but I haven't tried yet. The software should work with any compatible PC/SC reader.

Web Laundry claims 40,000 installations on their website. I can only assume that there are millions of cards in service with the same configuration. I'm unsure why they would pay ~$1.05/pc (qty 5k) for a part that has moderate security measures but then leave the default password set, when you could buy an SLE4442 for $0.39/pc (qty 10k). Furthermore, the cost to change the password is effectively nothing since they are already writing the ID (+0x19) bytes when they dispense the card from the machine. I can only imagine it was the marketing department that came up with the slogan on the card: "Unmatched Security and Cutting Edge Technology".

THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software is provided free of charge under the creative commons license. If you find this software useful please consider making a secure donation using the link to the right to support future research.

60 comments:

That's a nice piece of work :) But tell a newbie one thing, how did you manage to find which chip it was using? What kind of software do you use to explore the card? ToolSet Pro??? Thanks. Keep up the good work.

@YaBa - Yeah I used Toolset pro to do the initial analysis and proof of concept. After sticking the card in the reader scard toolset pro will show the ATR, 3b b2 11 00 10 80 00 04. Googled that to get the family (Atmel CryptoMem) then pulled the datasheet.

@haywire - The fuse byte can both be read or written. When writing it (1->0) it will blow and cannot effectively be reversed. I recommend the tarnovsky blog link above. He was able to reset the fuse (0->1) by decapping and using UV light (on another chipset in this family).

@troll - I won't publish the binary for liability reasons. I'm currently trying to figure out if I can safely publish the source which is why I took it down. This is all new to me :) You shouldn't have any trouble compiling in visual studio express 2010 though.

@markermanx5 - It does compile, that is a run-time error. Is your reader plugged in and PC/SC compatible? Please read the blurb above about NO expressed or implied warranties. In other words, no support :) However, if you want to provide better error handling I'd be happy to pick up the changes and re-post?

@YaBa - Yeah, I own a bus pirate. I've used it to read the synchronous memory cards like the stored value card from fedex/kinkos. I haven't tried reading this card in sync mode though.

Also, I found an old card that was originally sent from Web Laundry when they installed it and it was properly locked down with the fuse set to 0x20. Seems like it is just the cards stocked in this machine that aren't properly configured.

@Hans - I need your help, I've spent the last 2 hours looking for the technical specs of the Gemplus GemClub Memo card. I just know a few APDU commands. I would like to learn more about this type of card. Any help would be great. (Note: The card is in user mode, I don't know how to auth.) I'm considering buying a Season 2 interface to study, but some PDF would really be great. Thanks in advance.

Hope this helps! Have you found a nice season 2 interface? I was looking for one some time back but couldn't find what I wanted. Ideally I'd like a board with a passthrough to a card slot with a pic micro attached to the CLK RST DAT lines to sniff traffic as well as drive the lines (if there is no card inserted). From what I've seen it sounds like I'll need to roll my own...

@Hans: Thanks a lot, but I insisted on Google and found a DocStoc version. And then I asked on that blog about the file, and the author posted it today. But hey, I really appreciate your help and work. Regarding Season 2, I'm still looking around in sat forums and shops (electronicasuiza.com might help). However... my "tests" card is now almost dead, I've locked CSC0, CSC1 and CSC2 :| :| :| Can read it, but nothing else. Can it be unlocked with some mumbo jumbo magic code? Or is it trashed forever? thnx

My card has all four fuses blown (security byte 0x20). Wondering if you could help me understand the authentication process and how one computes the challenge and gets a good verify crypto command going? If it isn't possible and it's just a fancy name for a password please tell me... I've been trying to understand ATMEL's idea of authentication, but cannot seem to get a good grasp on it.

So I have the problem of always getting SW=6E00 (command class is not supported). I get it with your application as well as my C# ports of SMACADU and my APDU scanner. No matter what value I use for the class I always get the same SW=6E00 response. Have any of you run into this problem or any ideas on something I may be overlooking?

I compile your app but it won't select the card; has an error Failed to get ATR: SW=6D00. I read the PDF specs on my card, but it's like Greek to me. I even got the ToolSet pro demo. Am I supposed to do a scan to get the hex values? Kinda hard with a demo version. I'm trying to see if they left the default password and fuse unblown like yours.

And then would I modify your AtmelCryptoMem.cs file for my card?

I'm so lost... yet I feel I'm walking down the right path. It would probably help if I had basic knowledge of smart card technology.

When I compile and try to install, it keeps throwing errors on Windows. It compiles fine without errors, and installs fine as well, but will not run for the life of me. I've tried on Windows 7 64 and XP 32 with no luck. Using Visual C# 2010. If anyone is willing to share the executable please contact me runfrugal at gmail.com

Like a few others, I have multiple cards and they all have a fuse state of 0x20 (totally blown).

I've found a company where I can buy a few SCs with the exact same chipset and I'm wondering what your thoughts are on finding a dump of a card and loading it onto one of these empty cards. Do you see any problems with this working? The idea is to build-a-card that I can start playing around with.

If so and you're not too busy, would you mind sending me one of your dumps?

I think I see the problem that I'm facing. I see that the program uses GEMCARD info. I have been using a normal ISO programmer 3.68; I guess that will not work and I need to get a programmer like the ones in the video?

I have 3 Miele self-service laundries where clients pay for the service using SLE4442 cards. Miele sells those cards, but at a very high price. I've already tried cards with the same SLE4442 chip but the payment machine doesn't accept them because the only ones that work are the ones sold by Miele... I read and read and read and found out the ATR code for the cards that work. My question is whether it is possible, having the machine recognition codes, to "format" blank cards that can be used on the machine.